Tracking Detection for Data Processing Systems Using Out-Of-Band Methods

Embodiments disclosed herein relate generally to managing a data processing system. More particularly, embodiments disclosed herein relate to systems and methods for managing data processing systems to reduce unauthorized tracking.

Computing devices may provide computer-implemented services. The computer- implemented services may be used by users of the computing devices and/or devices operably connected to the computing devices. The computer-implemented services may be performed with hardware components such as processors, memory modules, storage devices, and communication devices. The operation of these components may impact the performance of the computer-implemented services.

Various embodiments will be described with reference to details discussed below, and the accompanying drawings will illustrate the various embodiments. The following description and drawings are illustrative and are not to be construed as limiting. Numerous specific details are described to provide a thorough understanding of various embodiments. However, in certain instances, well-known or conventional details are not described in order to provide a concise discussion of embodiments disclosed herein.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in conjunction with the embodiment can be included in at least one embodiment. The appearances of the phrases “in one embodiment” and “an embodiment” in various places in the specification do not necessarily all refer to the same embodiment.

References to an “operable connection” or “operably connected” means that a particular device is able to communicate with one or more other devices. The devices themselves may be directly connected to one another or may be indirectly connected to one another through any number of intermediary devices, such as in a network topology.

In general, embodiments disclosed herein relate to methods and systems for managing a data processing system. The data processing system may include out-of-band components usable for providing location data for the data processing system. The location data may be provided (e.g., to other devices that may participate in the management of the operation of the data processing system) by the out-of-band components via out-of-band network communications.

To provide the location data, the data processing system may include out-of-band components such as a management controller. The management controller may, for example, provide the location data via out-of-band communication channels to a server that may manage the location data and/or map locations of the data processing system over time. The out-of-band communication channels may use a communication network different from the communication network used by in-band communication channels thereby allowing the management controller to provide location data to the server without traversing in-band communication channels of the data processing system.

The use of out-of-band network communications may allow for the ability to obtain and monitor the location data for the data processing system over time, even when the data processing system is unpowered. This ability may allow a user with malicious intent to use the data processing system for unauthorized tracking purposes using the location data. For example, a user with malicious intent may give a person they intend to track the data processing system (e.g., a laptop computer). The user with malicious intent may then obtain the location data for the laptop computer, and by doing so also obtain the location of the person in possession of the laptop computer without their consent.

In order to decrease the likelihood that a user with malicious intent may use a data processing system for unauthorized tracking purposes, the data processing system may provide location data to a server via out-of-band methods. The server may then identify whether the data processing system is being used for unauthorized tracking purposes.

To identify whether the data processing system is being used for unauthorized tracking purposes, the server may also obtain location data from a second device with a known geographical relationship to the data processing system, and/or a device status report indicating whether the data processing system has been physically accessed by an authorized user within a predetermined amount of time. For example, a server may obtain and monitor the location data from the data processing system (e.g., a laptop computer) and a device the data processing system is known to have a geographical relationship with (e.g., a cell phone connected to the laptop computer via Bluetooth pairing). If the laptop computer is moved to a new location and is no longer paired to the cell phone via Bluetooth, the server may determine the laptop computer is being used as a tracking device.

If the server identifies that a data processing system is being used for unauthorized tracking purposes, the server may issue a tracking alert to the data processing system. The tracking alert may contain an action set to limit the ability of the data processing system to be used to perform unauthorized tracking. The action set may include generating an auditory and/or visual notification (e.g., making a noise, flashing lights, presenting a notification on the screen, etc.), locking the data processing system for use until a physical access of the data processing system is made, disabling a portion of functionality of the data processing system (e.g., location reporting functions) until the physical access is made, and/or making a report to an authority of the unauthorized tracking purpose for which the data processing system has been used.

Thus, embodiments disclosed herein may address, among other technical problems, the technical challenge of enabling unauthorized tracking activities to be detected, even when the data processing system is unpowered. To do so, the location data of a data processing system is provided to a server via out-of-band methods, allowing for the location of the data processing system to be monitored, even if the hardware components are unpowered. Using the location data of the data processing system, the location data of a second device with a known geographical relationship to the data processing system, and/or a device status report from the data processing system, a server may determine whether the data processing system may be being used for unauthorized tracking purposes and issue an alert to the data processing system. The data processing system may then perform an action set to update the operation of the data processing system to be less likely to be used to for unauthorized tracking purposes.

In an embodiment, a method for managing operation of a data processing system is disclosed. The method may include: providing, by a management controller of the data processing system and via an out-of-band communication channel, location data for the data processing system to a server to enable the server to identify whether the data processing system is being used for unauthorized tracking purposes, the location data indicating a geographical location of the data processing system; obtaining, by the management controller and via the out-of-band communication channel, an unauthorized tracking purpose analysis outcome determination; in a first instance of the obtaining, where the unauthorized tracking purpose analysis outcome determination indicates that the data processing system is be used to perform unauthorized tracking: performing an action set to update an existing operating state of the data processing system to a new operating state of the data processing system to limit an ability of the data processing system to be used to perform the unauthorized tracking; and in a second instance of the obtaining, where the unauthorized tracking purpose analysis outcome determination indicates that the data processing system is not being used to perform unauthorized tracking: continuing operation of the data processing system in the existing operating state.

The data processing system may include a network module adapted to separately advertise network endpoints for the management controller and hardware resources of the data processing system, the network endpoints being usable by a server to address communications to the hardware resources using an in-band communication channel and the management controller using the out-of-band communication channel.

The management controller and the network module may be on separate power domains from the hardware resources so that the management controller and the network module are operable while the hardware resources are inoperable.

The out-of-band communication channel may run through the network module, and an in-band communication channel that services the hardware resources may also run through the network module.

The network module may host a transmission control protocol/internet protocol (TCP/IP) stack to facilitate network communications via the out-of-band communication channel.

The location data may be generated by the network module.

The unauthorized tracking purpose may be tracking of a person without their consent.

The unauthorized tracking purpose analysis outcome determination may be based on: the location data of the data processing system; second location data for a device with a known geographical relationship to the data processing system; and a device status report regarding the data processing system.

The device status report for the data processing system may indicate whether the data processing system has been physically accessed by an authorized user within a predetermined amount of time.

The predetermined amount of time may be measured with respect to a start or an end of a geographic relationships between the data processing system and the device.

The action set may include at least one action selected from a group of actions consisting of: generating, by the data processing system, an auditory notification; generating, by the data processing system, a visual notification; locking the data processing system for use until a physical access of the data processing system is made; disabling a portion of functionality of the data processing system until the physical access of the data processing system is made; and making a report to an authority of the unauthorized tracking purpose for which the data processing system has been used.

In an embodiment, a non-transitory media is provided that may include instructions that when executed by a processor cause the computer-implemented method to be performed.

In an embodiment, a data processing system is provided that may include the non-transitory media and a processor, and may perform the computer-implemented method when the computer instructions are executed by the processor.

Turning to, a block diagram illustrating a system in accordance with an embodiment is shown. The system shown inmay provide for management of data processing systems that may provide, at least in part, computer-implemented services. The computer-implemented services may include any type and quantity of services including, for example, data services (e.g., data storage, access and/or control services), communication services (e.g., instant messaging services, video-conferencing services), and/or any other type of service that may be implemented with a computing device.

The computer-implemented services may be provided by one or more components of the system of. For example, data processing systemmay include portable devices that may provide computer-implemented services. Data processing systemmay include any number of hardware components (e.g., processors, memory modules, storage devices, communications devices). The hardware components may support execution of any number and types of applications (e.g., software components). Changes in available functionalities of the hardware and/or software components may provide for various types of different computer-implemented services to be provided over time.

To provide computer-implemented services, data processing systemmay include out-of-band hardware components (e.g., a management controller) that may be used to report location data for the data processing system via an out-of-band communication channel. By reporting the location data using out-of-band components and via out-of-band communication channels, potentially compromised or inoperable hardware resources (e.g., in-band components) may be circumvented, decreasing the likelihood of the location data becoming compromised (e.g., unreliable).

For example, data processing systemmay become lost or stolen while the hardware resources are unpowered. Using an out-of-band communication channel, the geographical location data of data processing systemmay be obtained by an authorized user, which may allow for its recovery.

However, a user with malicious intent may utilize the ability to obtain the location data of data processing systemto use data processing systemfor unauthorized tracking purposes. For example, a user with malicious intent may place data processing systemin a person's car with or without their knowledge. The user with malicious intent may then obtain the location of the person's car without the person's consent by obtaining the location data from data processing system, even if it is unpowered.

In general, embodiments disclosed herein may provide methods, systems, and/or devices for managing out-of-band location capabilities of a data processing system. The data processing system may include out-of-band components that may manage location data for the data processing system and provide the location data to an external device accessible to an authorized user of the data processing system, refer to. To manage the out-of-band capabilities of a data processing system, the system may detect when the data processing system is being used for unauthorized tracking purposes and take action to prevent the data processing system to continue to be used for unauthorized tracking purposes.

To perform the above-mentioned functionality, the system ofmay include data processing system, server, and/or other devices. Data processing system, server, other devices, and/or any other type of devices not shown inmay perform all, or a portion of the computer-implemented services independently and/or cooperatively. Each of these components is discussed below.

Data processing systemmay include any number and/or type of data processing systems. Data processing systemmay provide computer-implemented services according to its geographical location. To do so, data processing systemmay include out-of-band components, such as a management controller, capable of exchanging data with other devices via out-of-band communication channels.

For example, the management controller of data processing systemmay (i) provide data usable for determining its location (e.g., location data) to a first device via out-of-band communication channels, (ii) obtain data (e.g., computing instructions) from a second device via out-of-band communication channels, (iii) facilitate updating of the operation of data processing system(e.g., based on the computing instructions), and/or (iv) perform other actions relating to providing the computer-implemented services according to its location. For more information regarding out-of-band components of data processing system, refer to FIG.B. Data processing system(e.g., the management controller) may provide location data to a device upon request (e.g., by the device) and/or automatically. For example, data processing systemmay provide location data automatically (e.g., to registered devices) based on a schedule, upon (automatic) detection of a change (e.g., above a threshold) in location data, etc. Data processing systemmay provide location data, for example, to server, which may participate in managing operation of data processing system.

For example, the management controller of data processing systemmay provide the location data to serverin order to detect when data processing systemis being used for unauthorized activity, such as unauthorized tracking purposes. To detect when data processing systemis being used for unauthorized tracking purposes, servermay also obtain other location data and/or information from data processing system. For example, servermay also obtain location data of a second device with a known geographical relationship to data processing systemand/or a device status report from data processing system. If severdetermines data processing systemis being used for unauthorized tracking purposes, servermay issue a tracking alert to the management controller of data processing system, which may include an action set. The action set may include instructions to update the operating state of data processing systemto limit the ability of the data processing system to be used to perform unauthorized tracking.

To perform its functionality, servermay (i) obtain location data (e.g., via out-of-band communication channels, from the management controller of data processing system), (ii) monitor, manage and/or store location data (e.g., in a repository, not shown), (iii) obtain location requests from other devices (e.g.,), (iv) perform location reporting processes to retrieve location data (e.g., from the repository), (v) provide responses to location requests (e.g., provide location data to other devices) and/or (vi) perform other tasks associated with managing the operation of data processing systems. For example, servermay obtain (e.g., access), store, and/or provide computing instructions (e.g., an action set) for updating operation of a data processing system if serverdetermines the data processing system is being used for unauthorized tracking purposes. The action set may include instructions for updating the operation of the data processing system to limit the ability of the data processing system to be used for unauthorized tracking purposes.

Servermay provide location data and/or other data (e.g., computing instructions) to a device upon request, and/or automatically (e.g., to registered devices) based on a schedule, upon (automatic) detection of a change (e.g., above a threshold) in location data, etc. For example, servermay provide location data to other deviceswhen requested by other devices.

Other devicesmay include any number and/or type of user devices, servers, and/or other computing devices (e.g., that may request location data from server). For example, other devicesmay include a personal device that may be operated by a user, and the personal device may include an application usable for participating in the management of the operation of data processing system.

For example, a device of other devicesmay include functionality for (i) generating and/or providing (e.g., to server) a location request, (ii) obtaining location data (e.g., from server) in response to the location request, and/or (iii) providing computer-implemented services using the location data. The computer-implemented services may include, for example, geo-tracking services, device provisioning services, etc.

Thus, the location data of data processing systemmay be obtained by a user of other devicesvia out-of-band components of data processing systemusing out-of-band communication channels. By doing so, the location data may be available even when in-band components of data processing systemare unable to reliably transmit location data (e.g., due to being inoperable, unpowered, etc.).

When providing their functionality, any of data processing system, server, and/or other devicesmay perform all, or a portion of the methods shown in.

Any of (and/or components thereof) data processing system, server, and/or other devicesmay be implemented using a computing device (also referred to as a data processing system) such as a host or a server, a personal computer (e.g., desktops, laptops, and tablets), a “thin” client, a personal digital assistant (PDA), a Web enabled appliance, a mobile phone (e.g., smartphone), an embedded system, local controllers, an edge node, and/or any other type of data processing device or system. For additional details regarding computing devices, refer to.

In an embodiment, one or more of data processing system, server, and/or other devicesare implemented using an internet of things (IoT) device, which may include a computing device. The IoT device may operate in accordance with a communication model and/or management model known to data processing system, server, other devices, and/or other devices.

Any of the components illustrated inmay be operably connected to each other (and/or components not illustrated) with communication system. In an embodiment, communication systemincludes one or more networks that facilitate communication between any number of components. The networks may include wired networks and/or wireless networks (e.g., and/or the Internet). The networks may operate in accordance with any number and/or types of communication protocols (e.g., such as the internet protocol).

While illustrated inas including a limited number of specific components, a system in accordance with an embodiment may include fewer, additional, and/or different components than those illustrated therein. For example, while the system ofshows a single server (e.g.,), it will be appreciated that the system may include any number of servers.

Turning to, a diagram illustrating a data processing system in accordance with an embodiment is shown. The data processing system (e.g., data processing system) shown inmay be similar to any of the computing devices (e.g., data processing system) shown in.

To provide computer-implemented services, data processing systemmay include any quantity of hardware resources. Hardware resourcesmay be in-band hardware components, and may include a processor operably coupled to memory, storage, and/or other hardware components. Hardware resourcesmay (e.g., via the processor) provide the computer-implemented services desired by users of data processing system.

The processor may host various management entities such as operating systems, drivers, network stacks, and/or other software entities that provide various management functionalities. For example, the operating system and drivers may provide abstracted access to various hardware resources.

To facilitate communication, hardware resourcesmay host a network stack that may facilitate packaging, transmission, routing, and/or other functions with respect to exchanging data with other devices. For example, the network stack may support transmission control protocol/internet protocol communication (TCP/IP) (e.g., the Internet protocol suite) thereby allowing the hardware resourcesto communicate with other devices via packet switched networks and/or other types of communication networks.

The processor may also host various applications that provide the computer-implemented services. The applications may utilize various services provided by the management entities and use (at least indirectly) the network stack to communicate with other entities.